Bug 1347710 - Enable sandbox protections for the Windows GPU process r=bobowen

It seems that all the warnings caused by the GPU sandbox have been fixed, and the transparent window issue was resolved in D61370. Hopefully there are no further complications and this can stay landed. Differential Revision: https://phabricator.services.mozilla.com/D18876 --HG-- extra : moz-landing-system : lando
2020-04-15 20:08:29 +00:00 · 2020-04-15 20:08:29 +00:00 · 6590a743a5
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@ -1032,7 +1032,7 @@ pref("dom.ipc.shims.enabledWarnings", false);
  // For information on what the level number means, see
  // SetSecurityLevelForGPUProcess() in
  // security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
-  pref("security.sandbox.gpu.level", 0);
+  pref("security.sandbox.gpu.level", 1);

  // Controls whether we disable win32k for the processes.
  // true means that win32k system calls are not permitted.
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@ -580,7 +580,7 @@ void GeckoChildProcessHost::PrepareLaunch() {
      mEnableSandboxLogging || !!PR_GetEnv("MOZ_SANDBOX_LOGGING");

  if (ShouldHaveDirectoryService() && mProcessType == GeckoProcessType_GPU) {
-    mozilla::Unused << NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+    mozilla::Unused << NS_GetSpecialDirectory(NS_APP_PROFILE_DIR_STARTUP,
                                              getter_AddRefs(mProfileDir));
  }
 #  endif